Educause Security Discussion mailing list archives
Re: Policy Defining Responsibility for CIO & CISO
From: Ben Woelk <fbwis () RIT EDU>
Date: Mon, 22 Feb 2016 15:49:21 +0000
Cathy, Thanks for sharing this! Does your organizational structure include a separate Risk Management function? (I noticed that Audit wasn’t called out under the Roles and Responsibilities either.) Thanks, Ben Woelk '07 CISSP ISO Program Manager Information Security Office Rochester Institute of Technology ROS 10-A204 151 Lomb Memorial Drive Rochester, New York 14623 585.475.4122 585.475.7920 fax ben.woelk () rit edu<mailto:ben.woelk () rit edu> http://www.rit.edu/security/ Become a fan of RIT Information Security at http://rit.facebook.com/RITInfosec<http://rit.facebook.com/profile.php?id=6017464645> Follow us on Twitter: http://twitter.com/RIT_InfoSec CONFIDENTIALITY NOTE: The information transmitted, including attachments, is intended only for the person(s) or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and destroy any copies of this information. From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Cathy Bates Sent: Monday, February 22, 2016 10:40 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Policy Defining Responsibility for CIO & CISO Hi Carlos, Our information security policy has a brief section on roles and responsibilities for leadership areas of the university, including CIO and CISO. http://policy.appstate.edu/Information_Security_Policy#Policy_and_Procedure_Statements Best, Cathy Cathy Bates Associate Vice Chancellor and CIO Appalachian State University 828-262-6278 batescj () appstate edu<mailto:batescj () appstate edu> [https://docs.google.com/uc?export=download&id=0B8ijnSupZQjsNTBrV1MySVhscXc&revid=0B8ijnSupZQjsWW5OZTZ0UUdZTW85VjRmVFZvWFhTME1xYVlvPQ] On Mon, Feb 22, 2016 at 10:27 AM, Carlos Lobato <clobato () nmsu edu<mailto:clobato () nmsu edu>> wrote: Good Morning Colleagues, If your institution has a policy that clearly delineates responsibility for the CIO and CISO, I would highly appreciate if you would send me a link to your policy. Thanks in advance, Carlos Carlos S. Lobato, CISA, CISSP, CPA IT Compliance Officer New Mexico State University Information and Communication Technologies MSC 3AT PO Box 30001 Las Cruces, NM 88003 Phone (575) 646-5902<tel:%28575%29%20646-5902> Fax (575) 646-5278<tel:%28575%29%20646-5278>
Current thread:
- Policy Defining Responsibility for CIO & CISO Carlos Lobato (Feb 22)
- Re: Policy Defining Responsibility for CIO & CISO Cathy Bates (Feb 22)
- Re: Policy Defining Responsibility for CIO & CISO Ben Woelk (Feb 22)
- Re: Policy Defining Responsibility for CIO & CISO Miguel Angel Gonzalez de la Torre (Feb 22)
- Re: Policy Defining Responsibility for CIO & CISO Ben Woelk (Feb 22)
- Re: Policy Defining Responsibility for CIO & CISO randy (Feb 22)
- <Possible follow-ups>
- Re: Policy Defining Responsibility for CIO & CISO Carlos Lobato (Feb 22)
- Re: Policy Defining Responsibility for CIO & CISO Valerie Vogel (Feb 22)
- Re: Policy Defining Responsibility for CIO & CISO Cathy Bates (Feb 22)